[Snort-openappid] [Snort-users] AppId quickstart

James jlay at ...45...
Fri Oct 24 12:25:43 EDT 2014


Good catch…this is indeed --enable-open-appid…sorry about that.

James

On Oct 24, 2014, at 10:22, Costas Kleopa (ckleopa) <ckleopa at ...5...> wrote:

> Can you confirm if you run:
> ./configure --enable-open-appid
> 
> Below you mentioned: --enable-appid,
> 
> 
> Thanks
> Costas
> 
> 
> On 10/24/14, 12:19 PM, "Joel Esler (jesler)" <jesler at ...5...> wrote:
> 
>> Thanks James.
>> 
>> We¹ve posted several blog posts with instructions, videos, etc on the
>> Snort.org blog: http://blog.snort.org/search/label/openappid
>> 
>> Please check it out.
>> 
>> J
>> 
>>> On Oct 24, 2014, at 8:40 AM, James <jlay at ...45...> wrote:
>>> 
>>> So on Ubuntu 1[0-4]:
>>> 
>>> Download luajit at http://luajit.org/download/LuaJIT-2.0.3.tar.gz (apt
>>> package didn¹t get recognized on snort reconfigure).
>>> Uncompress, make, sudo make install
>>> Download snort-openappid.tar.gz from https://www.snort.org/downloads
>>> Uncompress and move the odp dir to somewhere (I chose /opt/share/)
>>> Recompile snort with adding --enable-appid, make, sudo make install
>>> Add the below to your snort.conf:
>>> 
>>> preprocessor appid : \
>>> 		app_detector_dir /opt/share
>>> 
>>> Test with sudo snort -T -c snort.conf
>>> 
>>> Should see:
>>> 
>>> AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966
>>> 1969 1970 1972 1973 1975 1976 1977 1978 1979 1980 1981 1983 1984 1985
>>> 1986 1987 629 882 711 1393 1727 1728 1821 1992 1993 1806 1822 2022 2021
>>> 2129 2131 1460 1369 1392 2057 2062 1560 665 1458 929 761 2151 2157 2158
>>> 2159 2162 2019 2072 1508 1063 2261 2664 2690
>>> Could not read configuration file /opt/share/custom/userappid.conf
>>> LuaJIT: Version LuaJIT 2.0.3
>>>  Setting tracker size to 219
>>>  TCP Port-Only Services
>>> 
>>> EnjoyŠsubscribe to the snort-openappid list for more information and
>>> help.
>>> 
>>> James
>>> 
>>> -------------------------------------------------------------------------
>>> -----
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>> 
>>> Please visit http://blog.snort.org to stay current on all the latest
>>> Snort news!
>> 





More information about the Snort-openappid mailing list